path: root/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
authorMatt Morehouse <mascasa@google.com>2018-07-17 16:12:00 +0000
committerMatt Morehouse <mascasa@google.com>2018-07-17 16:12:00 +0000
commit43a229697622b5933da1fdeb61d4eac2a2b7742c (patch)
treefa55d447d062835c5be38fc82c485dfa7f3622fa /compiler-rt/lib/fuzzer/FuzzerLoop.cpp
parenta448670b5b5c896ccaf4fa016783f684ddab7939 (diff)
libFuzzer: prevent irrelevant strings from leaking into auto-dictionary
This is a fix for bug 37047. https://bugs.llvm.org/show_bug.cgi?id=37047 Implemented by basically reversing the logic. Previously all strings were considered, with some operations excluded. Now strings are excluded by default, and only strings observed while the user callback (CB) is running are considered. Patch By: pdknsk Differential Revision: https://reviews.llvm.org/D48800 llvm-svn: 337296
Diffstat (limited to 'compiler-rt/lib/fuzzer/FuzzerLoop.cpp')
-rw-r--r--compiler-rt/lib/fuzzer/FuzzerLoop.cpp14
1 files changed, 8 insertions, 6 deletions
diff --git a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
index ba61c15f01b..a2d53ee48db 100644
--- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
@@ -43,6 +43,8 @@ thread_local bool Fuzzer::IsMyThread;
SharedMemoryRegion SMR;
+bool RunningUserCallback = false;
+
// Only one Fuzzer per process.
static Fuzzer *F;
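Review bot: The new namespace-scope `bool RunningUserCallback = false;` has no comment explaining its contract, yet it is set around the target callback (hunks at the `CB(Data, Size)` / `CB(DataCopy, Size)` sites) and read from `ExitCallback` and `AlarmCallback`, which run in exit/signal contexts; per the commit message it is also consulted by the auto-dictionary code in another translation unit. I would add above it: `// True only while the user-supplied target callback is executing. Read by the exit/alarm handlers and (per D48800) by the auto-dictionary hooks so that strcmp/memcmp calls made by libFuzzer itself are ignored. Written only from the fuzzing thread; not atomic.` Since it now appears to be a plain global rather than a Fuzzer member, it needs a matching `extern bool RunningUserCallback;` in a shared header for the other TU to see it — presumably elsewhere in this patch, but not visible in this file. Being a non-atomic `bool` read from an asynchronous signal handler is the same situation the old flag was in, so I would only document it, not change it here.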
@@ -243,7 +245,7 @@ void Fuzzer::CrashCallback() {
}
void Fuzzer::ExitCallback() {
- if (!RunningCB)
+ if (!RunningUserCallback)
return; // This exit did not come from the user callback
if (EF->__sanitizer_acquire_crash_state &&
!EF->__sanitizer_acquire_crash_state())
@@ -277,7 +279,7 @@ void Fuzzer::AlarmCallback() {
if (!InFuzzingThread())
return;
#endif
- if (!RunningCB)
+ if (!RunningUserCallback)
return; // We have not started running units yet.
size_t Seconds =
duration_cast<seconds>(system_clock::now() - UnitStartTime).count();
@@ -451,9 +453,9 @@ void Fuzzer::CheckForUnstableCounters(const uint8_t *Data, size_t Size) {
ScopedEnableMsanInterceptorChecks S;
UnitStartTime = system_clock::now();
TPC.ResetMaps();
- RunningCB = true;
+ RunningUserCallback = true;
CB(Data, Size);
- RunningCB = false;
+ RunningUserCallback = false;
UnitStopTime = system_clock::now();
};
@@ -558,9 +560,9 @@ void Fuzzer::ExecuteCallback(const uint8_t *Data, size_t Size) {
AllocTracer.Start(Options.TraceMalloc);
UnitStartTime = system_clock::now();
TPC.ResetMaps();
- RunningCB = true;
+ RunningUserCallback = true;
int Res = CB(DataCopy, Size);
- RunningCB = false;
+ RunningUserCallback = false;
UnitStopTime = system_clock::now();
(void)Res;
assert(Res == 0);